Congestion notification in private VLANs

1. A switch, comprising: a processor; a computer-readable storage medium storing instructions which when executed by the processor causes the processor to perform a method, the method comprising: allowing a frame with an isolated virtual local area network (VLAN) identifier to be forwarded via an isolated VLAN port; and enforcing an egress VLAN filtering rule for the isolated VLAN port.

2. The switch of claim 1 , wherein the egress VLAN filtering rule permits forwarding of frames with an isolated VLAN identifier or primary VLAN identifier.

3. The switch of claim 1 , wherein the method further comprises enforcing an egress access control list.

4. The switch of claim 1 , wherein the method further comprises preventing a frame with an isolated VLAN identifier and which is not a congestion notification frame from being forwarded via the isolated VLAN port.

5. The switch of claim 3 , wherein the method further comprises examining an Ethertype field in the frame's header to determine whether the frame is a congestion notification message.

6. The switch of claim 1 , wherein the switch is an Ethernet switch.

7. A computer executable method, comprising: allowing a frame with an isolated virtual local area network (VLAN) identifier to be forwarded via an isolated VLAN port; enforcing an egress VLAN filtering rule for the isolated VLAN port.

8. The method of claim 7 , wherein the egress VLAN filtering rule permits forwarding of frames with an isolated VLAN identifier or primary VLAN identifier.

9. The method of claim 7 , further comprising enforcing an egress access control list.

10. The method of claim 9 , wherein enforcing the egress access control list comprises preventing a frame with an isolated VLAN identifier and which is not a congestion notification frame from being forwarded via the isolated VLAN port.

11. The method of claim 9 , wherein enforcing the egress access control list comprises examining an Ethertype field in the frame's header to determine whether the frame is a congestion notification message.

12. The method of claim 7 , wherein the frame is an Ethernet frame.

13. A non-transitory computer-readable storage medium storing instructions which when executed by a computer cause the computer to perform a method, the method comprising: allowing a frame with an isolated virtual local area network (VLAN) identifier to be forwarded via an isolated VLAN port; and enforcing an egress VLAN filtering rule for the isolated VLAN port.

14. The non-transitory computer-readable storage medium of claim 13 , wherein the method further comprises enforcing an egress access control list.

15. The non-transitory computer-readable storage medium of claim 14 , wherein enforcing the egress access control list comprises preventing a frame with an isolated VLAN identifier and which is not a congestion notification frame from being forwarded via the isolated VLAN port.

16. The non-transitory computer-readable storage medium of claim 14 , wherein enforcing the egress access control list comprises examining an Ethertype field in the frame's header to determine whether the frame is a congestion notification message.

17. The non-transitory computer-readable storage medium of claim 13 , wherein the frame is an Ethernet frame.

18. The non-transitory computer-readable storage medium of claim 13 , wherein the egress VLAN filtering rule permits forwarding of frames with an isolated VLAN identifier or primary VLAN identifier.

19. A switch means, comprising: a forwarding means for allowing a frame with an isolated virtual local area network (VLAN) identifier to be forwarded via an isolated VLAN port; and an enforcing means for enforcing an egress VLAN filtering rule for the isolated VLAN port.